Case Study – ISO/IEC 20000 Certification for Leading Middle East Financial Institution

Fox IT assists this organisation to achieve ISO/IEC 20000 certification for their delivery and management of financial services and IT support services to their internal and external customers.


This financial institution identified that obtaining ISO/IEC 20000 (ISO 20000) certification would strengthen its position in the Middle East, and would help to advance its position on the global stage.

Download the Case Study on ISO/IEC 20000 certification

Background and Requirements

The organisation is one of the leading financial institutions in the Middle East and had a desire to strengthen that position, as well as an aspiration to be able to compete internationally with other similar financial institutions. First, implementing processes and practices that were aligned with ISO/IEC 20000, and secondly achieving certification, was seen as a good mechanism for achieving their business objectives.

Business Challenge

With other emerging financial markets in the Middle East, as well as elsewhere globally, the organisation needed to show that it was an integrated financial organisation that fostered the development of a diverse capital market, not only within its own country but with the ability to compete on the international stage.

Additionally, there was a stated desire to improve the confidence of their existing customers in the company as a service provider, and to improve the quality of the services being delivered to them. This needed to be further supported by providing a capability that supported product diversification as well as being able to respond rapidly to changing business requirements.

The organisation recognised that improving their IT service delivery and achieving ISO/IEC 20000 certification would be key elements in helping the business realise their vision and objectives.

Scope and Approach

Fox IT was engaged by the organisation to drive them towards, first and foremost, IT service management (ITSM) excellence by enhancing existing processes and implementing new ones as determined by the requirements of ISO/IEC 20000; and secondly by ensuring readiness for the certification audit process.

The client had already implemented four ITSM processes (to differing levels of maturity), so the first task undertaken was to perform an assessment of those processes as well as all other areas as required by ISO/IEC 20000. The assessment comprised 13 interviews with key process stakeholders, including Senior Management and operational staff, in order to assess existing compliance against the requirements of the Standard. Where available, evidence of process operation was also reviewed, along with observation of certain process activities being undertaken.

The findings were documented in an assessment report that identified maturity ratings for all processes and which would serve as a baseline for measuring future progress towards achieving all of the requirements of ISO/IEC 20000. The report, containing key findings for all areas, also provided comments on the documentary evidence reviewed, as well as detailed recommendations for addressing the identified non-conformities found against the Standard.

The assessment report was further supported by outputs from workshops that defined the certification scoping statement for ISO/IEC 20000, along with a stakeholder map that outlined the services being delivered, the customers of those services and the internal and external teams that supported the delivery and management of those services.

Finally, from the initial phase, a detailed project plan and 18-month roadmap to deliver 15 process workshops, process documentation and implementation and enhancement of new/existing processes was also produced.

Fox IT then commenced the second phase of the project – a set of process workshops that would eventually cover all processes, both existing and new. Existing processes were enhanced and aligned with the requirements of ISO/IEC 20000, and new processes were designed so that they fitted the needs of the organisation as well as the Standard.

Following the development and agreement of each process, (utilising Fox IT’s FoxPRISM™ to accelerate their production timeframe), other supporting documentation was created including relevant policies (as required by ISO/IEC 20000) and other process documentation and templates that would underpin the operation of the processes, such as RACI matrices. Each process then went into an implementation phase, where people were trained and the processes put into trial operation. The processes were then reviewed and enhanced further, as required, before going into formal ‘live’ operation.

The process implementation phase included the development of documents such as a service catalogue, service level agreements, supplier catalogue, service reporting catalogue, as well as other policies and plans as required by ISO/IEC 20000, such as the service management system policy and service management system plan.

Results and Outputs

All of the documented deliverables were embedded within the client’s version FoxPRISM™, Fox IT’s implementation accelerator. This tool not only facilitated expediting the production of agreed processes, policies and other associated documentation, but it was also a key mechanism for disseminating the information across the organisation and for presenting the processes to auditors, showing them a complete set of SMS processes with all of their interfaces and interdependencies clearly identified.

Fox IT also assisted the client in producing associated marketing material publicising the project and its objectives. This included posters for display in the organisation’s corridors, flyers placed on the desk of every user, and wallcharts explaining the elements of the service management system. These were supplemented by the production of ‘quick reference guides’ for certain processes.

Throughout the 18-month engagement, Fox IT carried out interim assessments that enabled the organisation to track the progress of each process as its maturity increased over time. Fox IT also developed a programme of regular internal audits that would ensure that process owners and process managers continued to focus on the specific requirements of their process, after Fox IT had completed their project engagement.

To complement the project activities mentioned, a formal training programme was also instigated. This involved Fox IT delivering a variety of ITIL, ISO/IEC 20000 and Project Management courses.

Value and Benefits

The client achieved certification in February 2011, and became the first organisation of its type within the Middle East & North Africa region to be certified. It was seen as confirmation of their commitment to deliver valued and competitive services to their customers.
Specific benefits derived during the project included:

  • New processes were implemented which had never previously existed, such as service level management and capacity management
  • Improved communication with the Business, including the introduction of regular service review meetings, consistent gathering of service level requirements, enhanced reporting mechanisms and targeted marketing
  • Production of service level agreements that ensured both the Business and IT understood each other’s requirements and delivery capabilities
  • Development of a service catalogue that ensured all parties understood the definition of a service and what each service was comprised of
  • All processes were consistently documented and the information made available to everyone via the use of FoxPRISM on the organisation’s Intranet
  • Improved interfaces and integration between all processes, including for those IT processes that were owned by Business units
  • An improved process-oriented culture, with people understanding their roles more clearly
  • A better understanding of the costs of delivering individual IT services
  • A set of key performance indicators for each process that assisted their ongoing measurement and control
  • Service reports that focused on the Business rather than IT
  • Process maturity ratings over an 18-month period that the client could continue to review and add to, hence tracking continual improvement

About FoxPRISM™

FoxPRISM is a fully interactive web-based process knowledge database that assists in the design, implementation and management of service management processes. It provides a compendium of 32 processes (aligned to ITIL® and ISO/IEC 20000) and enables Fox IT consultants and their clients to accelerate their deliverables and hence realise benefits that much quicker. Click here for more details.

Want to speak to a Fox IT consultant today? Contact us now →